We developed this information to provide our consortium members, subcontractors, and suppliers with the ability to quickly reference information that they will need to work with our company and navigate the federal marketplace.
Advanced Technology International (ATI) is a nonprofit committed to our collaborative technology development model. Forming mutually beneficial relationships with our large business, small business and academia partners is key to that model, as we strive for excellence in delivery of outstanding technology innovation outcomes to our customers.
This information is one means of providing effective engagement with all of our industry partners, including the opportunity to connect with small, minority, women and veteran-owned small businesses interested in working with us.
We hope you find this information helpful. Please feel free to contact our Corporate Contracts & Procurement Department if there are any questions or you need additional information.
In order to register in the System of Award Management (SAM), an organization will first need to receive a Dun and Bradstreet number (D-U-N-S®). Your business Tax ID number, bank account, bank routing number and business address are necessary to apply for this number.
System for Award Management (SAM)
All companies desiring to do business with the Federal Government are required to have an active record on the Government’s System for Award Management (SAM).
SAM is the Official U.S. Government system that consolidated the capabilities of CCR/FedReg, ORCA and EPLS. There is NO fee to register.
ATI subcontractors and suppliers shall complete the Representations and Certifications in SAM.gov.
Obtaining a DD Form 2345 - Militarily Critical Technical Data Agreement
A DD Form 2345 is required by U.S. contractors that wish to obtain access to unclassified technical data disclosing militarily critical technology with military or space application that is under the control of, or in the possession of the U.S. Department of Defense (DoD).
Many of ATI-managed consortia require prospective members to obtain a DD Form 2345. In order to obtain a DD Form 2345, an organization is required to have a CAGE code. An organization must register in the System for Award Management (SAM) in order to obtain a CAGE code. Lastly, in order to register in SAM, an organization will first need to receive a Dun and Bradstreet number (D-U-N-S). Your business Tax ID number, bank account, bank routing number and business address are also necessary.
Click on the video image below to view ATI’s training on How to Obtain a DD Form 2345 Certification:
It is the intent of ATI that small businesses are given an equitable opportunity to compete for ATI purchases consistent with the efficient performance of our business. Each division in ATI will comply with the intent of the requirements set forth by FAR 52.219. Should your business meet any of the small business criteria listed, you are encouraged to contact sbadminSum@ati.org to be registered as a vendor with ATI and be considered for future purchases and business needs.For subcontracts that are subject to the Federal Acquisition Regulations, Small Business Classifications include (these are all self-certified classifications, except for the HubZone):
Representations and Certifications (Reps and Certs)
In accordance with FAR Subpart 4.12, ATI is prohibited from awarding a procurement funded under a U.S. Government contract unless the seller certifies it complies with certain U.S. Government policies and laws. In order to facilitate this requirement, your contracts or purchasing representative will verify your organization has active Representations and Certifications at SAM.gov.
Vendor Management
ATI maintains a database of all vendors, suppliers, and subcontractors who are and have done business with us. Please contact your contracts or purchasing representative to register as a new vendor or update previously submitted information as an existing member.
Vendor forms (including a W-9 Form, Electronic Funds Transfer Request Form and Small Business Self-Certification Form) can be provided to you via email for completion.
Invoicing and Prompt Payment
ATI’s standard payment terms are NET 30 days from the date an acceptable invoice is received. However, other payment terms may be negotiated with your contracts representative. Please refer to your subcontract agreement or purchase order for the applicable payment terms.
In order to facilitate prompt payment of invoices submitted to ATI, we ask that you please forward your invoices to afgforms@ati.org.
Please refer to your subcontract agreement or purchase order for guidance on submitting an acceptable invoice.
Payment Inquiries may be directed to your ATI subcontract representative or afgforms@ati.org
Contracting
ATI is committed to providing procurement services of the highest quality to exceed the expectations of all of our business partners. We ensure that ATI agreements reflect the best value for our clients and partners. It is our goal to build long term, mutually favorable relationships with our suppliers, subcontractors, team members and clients based on trust, honesty, and candor.
We welcome your questions and feedback as we strive to achieve our goals.
In order to register in the System of Award Management (SAM), an organization will first need to receive a Dun and Bradstreet number (D-U-N-S®). Your business Tax ID number, bank account, bank routing number and business address are necessary to apply for this number.
All companies desiring to do business with the Federal Government are required to have an active record on the Government’s System for Award Management (SAM).
SAM is the Official U.S. Government system that consolidated the capabilities of CCR/FedReg, ORCA and EPLS. There is NO fee to register.
ATI subcontractors and suppliers shall complete the Representations and Certifications in SAM.gov.
Obtaining a DD Form 2345 - Militarily Critical Technical Data Agreement
A DD Form 2345 is required by U.S. contractors that wish to obtain access to unclassified technical data disclosing militarily critical technology with military or space application that is under the control of, or in the possession of the U.S. Department of Defense (DoD).
Many of ATI-managed consortia require prospective members to obtain a DD Form 2345. In order to obtain a DD Form 2345, an organization is required to have a CAGE code. An organization must register in the System for Award Management (SAM) in order to obtain a CAGE code. Lastly, in order to register in SAM, an organization will first need to receive a Dun and Bradstreet number (D-U-N-S). Your business Tax ID number, bank account, bank routing number and business address are also necessary.
Click on the video image below to view ATI’s training on How to Obtain a DD Form 2345 Certification:
It is the intent of ATI that small businesses are given an equitable opportunity to compete for ATI purchases consistent with the efficient performance of our business. Each division in ATI will comply with the intent of the requirements set forth by FAR 52.219. Should your business meet any of the small business criteria listed, you are encouraged to contact sbadminSum@ati.org to be registered as a vendor with ATI and be considered for future purchases and business needs.For subcontracts that are subject to the Federal Acquisition Regulations, Small Business Classifications include (these are all self-certified classifications, except for the HubZone):
Representations and Certifications (Reps and Certs)
In accordance with FAR Subpart 4.12, ATI is prohibited from awarding a procurement funded under a U.S. Government contract unless the seller certifies it complies with certain U.S. Government policies and laws. In order to facilitate this requirement, your contracts or purchasing representative will verify your organization has active Representations and Certifications at SAM.gov.
ATI maintains a database of all vendors, suppliers, and subcontractors who are and have done business with us. Please contact your contracts or purchasing representative to register as a new vendor or update previously submitted information as an existing member.
Vendor forms (including a W-9 Form, Electronic Funds Transfer Request Form and Small Business Self-Certification Form) can be provided to you via email for completion.
ATI’s standard payment terms are NET 30 days from the date an acceptable invoice is received. However, other payment terms may be negotiated with your contracts representative. Please refer to your subcontract agreement or purchase order for the applicable payment terms.
In order to facilitate prompt payment of invoices submitted to ATI, we ask that you please forward your invoices to afgforms@ati.org.
Please refer to your subcontract agreement or purchase order for guidance on submitting an acceptable invoice.
Payment Inquiries may be directed to your ATI subcontract representative or afgforms@ati.org
ATI is committed to providing procurement services of the highest quality to exceed the expectations of all of our business partners. We ensure that ATI agreements reflect the best value for our clients and partners. It is our goal to build long term, mutually favorable relationships with our suppliers, subcontractors, team members and clients based on trust, honesty, and candor.
We welcome your questions and feedback as we strive to achieve our goals.
ATI has implemented a Supplier Code of Conduct which outlines our expectations for the high ethical and compliance standards we require from our Suppliers. The Supplier Code of Conduct is reflective of the standards for ATI Associates, Executives, Director, Partners, and Affiliates. ATI expects its suppliers, subcontractors, and vendors to not only comply with the ATI Supplier Code of Conduct but to also have their own Code of Conduct applicable to their organization and business operations. We value our relationship with your organization and thank you for being part of the continued success of ATI. If you should have any questions regarding ATI’s Supplier Code of Conduct, or need further assistance, please contact:
ATI has implemented an Ethics and Compliance Hotline (in accordance with FAR Part 52.203-13) to serve as a reporting mechanism through which employees, agents, and third party vendors may report suspected instances of improper conduct.
The hotline is available 24/7/365, and all reports may be made anonymously or named at:
The mission of the DoD Hotline is to provide a confidential, reliable means to report violations of law, rule or regulation, mismanagement, gross waste of funds, abuse of authority and classified information leaks involving the Department of Defense; as well as the detection and prevention of threats and danger to the public health and safety of the Department and our Nation.
Anyone may file a complaint with the DoD Hotline at 1-800-424-9098 to report fraud, misuse and misrepresentation relating to DoD contract.
Section 889 of the 2019 National Defense Authorization Act prohibits the federal government, government contractors, and grant and loan recipients from procuring or using certain “covered telecommunication equipment or services” that are produced by Huawei, ZTE, Hytera, Hikvision, and Dahua and their subsidiaries as a “substantial or essential component of any system, or as critical technology as part of any system.” This section of the 2019 NDAA has two sections both of which are in effect as of August 13, 2020.
Sec. 889(a)(1)(A) required the federal government, as of August 13, 2019, to not “procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
Sec. 889(a)(1)(B), which is slated to go into effect on August 13, 2020, will prohibit the federal government from entering into or extending or renewing contracts with any entity that “uses any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
Section 889(a)(1)(A) and 889(a)(1)(B) are incorporated into the Federal Acquisition Regulation (FAR) as sections 52.204-24; 52.204-25; and 52.204-26.
The following links include additional information about Section 889 of the 2019 NDAA:
ATI has implemented a Supplier Code of Conduct which outlines our expectations for the high ethical and compliance standards we require from our Suppliers. The Supplier Code of Conduct is reflective of the standards for ATI Associates, Executives, Director, Partners, and Affiliates. ATI expects its suppliers, subcontractors, and vendors to not only comply with the ATI Supplier Code of Conduct but to also have their own Code of Conduct applicable to their organization and business operations. We value our relationship with your organization and thank you for being part of the continued success of ATI. If you should have any questions regarding ATI’s Supplier Code of Conduct, or need further assistance, please contact:
ATI has implemented an Ethics and Compliance Hotline (in accordance with FAR Part 52.203-13) to serve as a reporting mechanism through which employees, agents, and third party vendors may report suspected instances of improper conduct.
The hotline is available 24/7/365, and all reports may be made anonymously or named at:
The mission of the DoD Hotline is to provide a confidential, reliable means to report violations of law, rule or regulation, mismanagement, gross waste of funds, abuse of authority and classified information leaks involving the Department of Defense; as well as the detection and prevention of threats and danger to the public health and safety of the Department and our Nation.
Anyone may file a complaint with the DoD Hotline at 1-800-424-9098 to report fraud, misuse and misrepresentation relating to DoD contract.
Section 889 of the 2019 National Defense Authorization Act prohibits the federal government, government contractors, and grant and loan recipients from procuring or using certain “covered telecommunication equipment or services” that are produced by Huawei, ZTE, Hytera, Hikvision, and Dahua and their subsidiaries as a “substantial or essential component of any system, or as critical technology as part of any system.” This section of the 2019 NDAA has two sections both of which are in effect as of August 13, 2020.
Sec. 889(a)(1)(A) required the federal government, as of August 13, 2019, to not “procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
Sec. 889(a)(1)(B), which is slated to go into effect on August 13, 2020, will prohibit the federal government from entering into or extending or renewing contracts with any entity that “uses any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
Section 889(a)(1)(A) and 889(a)(1)(B) are incorporated into the Federal Acquisition Regulation (FAR) as sections 52.204-24; 52.204-25; and 52.204-26.
The following links include additional information about Section 889 of the 2019 NDAA:
In October of 2016, DoD adopted a final rule amending the Defense Federal Acquisition Regulation (DFARS), which requires contractors to report on network penetrations. While the main elements of the DFARS Clause 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) remained intact, the final rule and DFARS clause 252.204-7012 did include several updates and clarifications. However, please be advised that your company should adhere to the version of the DFARS clause contained in your subcontract agreement. The current version of the DFARS clause is available here.
The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense’s (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced in mid 2019 that it is creating a cybersecurity assessment model and certification program. On January 31st, 2020, DoD officials released CMMC 1.0.
The CMMC combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic to advanced cyber hygiene. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
The intent is for certified independent 3rd party organizations to conduct audits and inform risk.
The following is a list of resources to assist you in identifying areas that need improvement in your security requirements checklist. These resources may also provide assistance in becoming NIST 800-171 compliant.
Train employees in security principles – have standards of protocol and behavior
Protect hardware, networks and information – update antivirus software
Create mobile device action plan – use password protection, encrypt data and use security apps on phones that have access to confidential information; establish reporting procedure for lost or stolen phones
Back up important data and information – back up documents and information to computers and to the cloud or offsite
Control physical access to computers – lock up laptops when unused; create user accounts for each employee; allow administrative privileges only to trusted IT staff and personnel
Secure Wi-Fi networks – make sure wireless is encrypted, SSID is hidden and networks have passwords
Use best practices with payment cards – work with banks and processors to set up anti-fraud services; do not use the same computer to process payments and surf the internet
Limit employee access and authority – give employees access only to the data systems necessary for their tasks; do not allow installation of software without permission
Require passwords and authentication – have employees use unique passwords and require them to change these passwords every three months; consider further authentication practices with additional information; check with vendors who handle sensitive information
Information Source: U.S. Small Business Administration.
June 23, 2017 - DoD Industry Information Day
On June 23, 2017, the Chief Information Officer of DoD hosted an Industry Information Day to brief the implementation of the new Cybersecurity rules, and to address industry feedback. Attached, for your convenience, is a copy of the very detailed presentation regarding “Cybersecurity Challenges – Protecting DoD’s Unclassified information”.
In October of 2016, DoD adopted a final rule amending the Defense Federal Acquisition Regulation (DFARS), which requires contractors to report on network penetrations. While the main elements of the DFARS Clause 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) remained intact, the final rule and DFARS clause 252.204-7012 did include several updates and clarifications. However, please be advised that your company should adhere to the version of the DFARS clause contained in your subcontract agreement. The current version of the DFARS clause is available here.
The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense’s (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced in mid 2019 that it is creating a cybersecurity assessment model and certification program. On January 31st, 2020, DoD officials released CMMC 1.0.
The CMMC combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic to advanced cyber hygiene. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
The intent is for certified independent 3rd party organizations to conduct audits and inform risk.
The following is a list of resources to assist you in identifying areas that need improvement in your security requirements checklist. These resources may also provide assistance in becoming NIST 800-171 compliant.
Train employees in security principles – have standards of protocol and behavior
Protect hardware, networks and information – update antivirus software
Create mobile device action plan – use password protection, encrypt data and use security apps on phones that have access to confidential information; establish reporting procedure for lost or stolen phones
Back up important data and information – back up documents and information to computers and to the cloud or offsite
Control physical access to computers – lock up laptops when unused; create user accounts for each employee; allow administrative privileges only to trusted IT staff and personnel
Secure Wi-Fi networks – make sure wireless is encrypted, SSID is hidden and networks have passwords
Use best practices with payment cards – work with banks and processors to set up anti-fraud services; do not use the same computer to process payments and surf the internet
Limit employee access and authority – give employees access only to the data systems necessary for their tasks; do not allow installation of software without permission
Require passwords and authentication – have employees use unique passwords and require them to change these passwords every three months; consider further authentication practices with additional information; check with vendors who handle sensitive information
Information Source: U.S. Small Business Administration.
On June 23, 2017, the Chief Information Officer of DoD hosted an Industry Information Day to brief the implementation of the new Cybersecurity rules, and to address industry feedback. Attached, for your convenience, is a copy of the very detailed presentation regarding “Cybersecurity Challenges – Protecting DoD’s Unclassified information”.
